[Mail_supt] HB96 Cybersecurity Standards

Thor Sage sage at mveca.org
Thu Jul 31 08:06:56 EDT 2025 

Good morning!
I understand that registration filled up for the Cyber Ohio seminar.  There will be subsequent events coming up in August.  In the meantime, here is a link to a recording of the session:

Recording Link<https://player.cloudinary.com/embed/?cloud_name=stateofohio&secure_distribution=dam.assets.ohio.gov&private_cdn=true&public_id=cyber.ohio.gov%2FMicrosoftTeams-video_1&profile=cld-default>

This information is available on the CyberOhio website as well.  There will be additional information and FAQs posted soon.

https://cyber.ohio.gov/priorities/assisting-local-government-entities/ohio-hb-96-new-cybersecurity-requirements-for-public-entities

Thank you,
Thor


Thor Sage
Executive Director
Miami Valley Educational Computer Association
937-767-1468  x3101
[http://www.mveca.org/images/logo.gif]<http://www.mveca.org/>       [i] <https://www.linkedin.com/company/mveca/>
Not-for-profit Technology Services for Education and Local Governments

From: Thor Sage
Sent: Thursday, July 17, 2025 3:39 PM
To: Thor Sage <sage at mveca.org>
Subject: HB96 Cybersecurity Standards

Dear Technology Contacts, Managers, and Administrators,
Please forward this message to those in your organization responsible for, or interested in, your cybersecurity implementations.

New Cyber Security standards - standards that apply to you - were introduced and approved as part of the recently approved biennial operating budget (HB96).  These security standards apply to all local governments and school districts, effective September 30, 2025.   Despite some remaining ambiguity surrounding these standards, there is no question that these requirements include the following:


  *   Local governments and school districts must adopt a cybersecurity program that safeguards your data, information technology, and information technology resources so as to ensure availability, confidentiality, and integrity of data and technology.  Examples of this include, but are not limited to: NIST Cybersecurity Framework (CSF), and CIS controls.
  *   Governments and school districts must conduct annual cybersecurity awareness training.
  *   You are required to notify the executive director of the Division of Homeland Security within the Ohio Department of Public Safety (within 7 days) and the Ohio Auditor of State's office (within 30 days) following a cybersecurity or ransomware incident.
  *   Additionally, all local governments and school districts experiencing a ransomware incident are prohibited from paying or otherwise complying with a ransom demand, unless their legislative authority formally approves the payment or compliance with the ransom demand in a resolution or ordinance that specifically states why the payment or compliance with the ransom demand it is in their best interest.


We encourage and strongly recommend that all governments and school districts register for and attend a FREE webinar being offered by Cyber Ohio to learn more about these requirements.   This webinar is scheduled for Wednesday, July 30th from 12:30 - 1:30 p.m.   The registration link is HERE<https://events.gcc.teams.microsoft.com/event/43b6f732-2051-417b-b732-c942e3daeda3@50f8fcc4-94d8-4f07-84eb-36ed57c7c8a2>.  You can rely on MVECA/MVTCG to be your primary source of resources and information on new state requirements and all manner of support in regards to IT and data security.
Thank you,
Thor

Thor Sage
Executive Director
Miami Valley Educational Computer Association
937-767-1468  x3101
[http://www.mveca.org/images/logo.gif]<http://www.mveca.org/>       [i] <https://www.linkedin.com/company/mveca/>
Not-for-profit Technology Services for Education and Local Governments

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listserv.mveca.org/pipermail/mail_supt/attachments/20250731/31963f32/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 3184 bytes
Desc: image001.jpg
URL: <http://listserv.mveca.org/pipermail/mail_supt/attachments/20250731/31963f32/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 1229 bytes
Desc: image002.jpg
URL: <http://listserv.mveca.org/pipermail/mail_supt/attachments/20250731/31963f32/attachment-0001.jpg>

More information about the Mail_supt mailing list